I am seeking advice on how to securely store passwords in MySQL using PHP.
我正在寻求关于如何使用PHP在MySQL中安全地存储密码的建议。
Overlooking the limitations of PHP itself, I want to know more about salting, hashing, and encrypting these bad boys.
忽略PHP本身的局限性,我想了解更多关于盐渍、散列和加密这些坏家伙的信息。
Obviously people will continue to use weak passwords unless forced to do otherwise, but it's how I am storing them that is important to me. My user's passwords are far more important to me than the database itself, and as such I want to keep them in such a way that it will be painstaking and monotonous for any script kiddie trying reverse. Obviously with due diligence just about anything can be defeated, but I wouldn't mind making this particularly bothersome.
很明显,人们会继续使用弱密码,除非*这样做,但对我来说,重要的是我如何存储它们。我的用户的密码对我来说比数据库本身重要得多,因此我想让他们保持这样一种方式,对于任何试图颠倒的脚本kiddie来说,这将是一项艰苦而单调的工作。显然,只要有尽职调查,任何事情都可能被击败,但我不介意让这件事特别麻烦。
There are two scenarios we are looking at.
我们正在研究两种情况。
- The kiddie has a complete copy of the database.
- kiddie拥有数据库的完整副本。
- The kiddie has a complete copy of the PHP used to craft the password, and the database.
- kiddie拥有用于创建密码的PHP和数据库的完整副本。
Any and all advice on this topic is graciously appreciated.
任何关于这个话题的建议都是非常感谢的。
6 个解决方案
#1
17
Use bcrypt. If someone has the user table of your database, then they can use brute force/rainbow tables/etc to their heart's content. Even with salt, if you're using MD5 or some other fast-hashing algorithm (which aren't designed to solve this problem, by the way); it's just a matter of time before it can be cracked.
使用bcrypt。如果某人有您的数据库的用户表,那么他们可以使用蛮力/彩虹表等来满足自己的需求。即使是使用salt,如果您使用MD5或其他快速哈希算法(顺便说一下,这不是为解决这个问题而设计的);它要被破解只是时间问题。
Any well-known and widely-supported hashing algorithm is going to have this same basic "flaw" (if you can call it that; it's really by definition). The difference is that bcrypt is slow as molasses when performing the hashing operation, rendering a brute force attack much less effective.
任何知名的、广泛支持的散列算法都会有同样的基本“缺陷”(如果你可以这样称呼它的话;它的真正定义)。不同的是,在执行散列操作时,bcrypt是慢的,这使得蛮力攻击的效果大大降低。
For an absolutely great discussion on the merits of bcrypt, the dangers of other approaches, and the difficulty of password security in general, read this thread. It has lots of comments by many people that are much more knowledgeable about this sort of thing than I am, and it should hopefully help you understand more of the issues at stake.
要对bcrypt的优点、其他方法的危险以及密码安全性的一般困难进行绝对深入的讨论,请阅读本文。它有许多人的评论,他们比我更了解这类事情,希望它能帮助你理解更多的问题。
#2
8
Assuming you're using username and password as authentication tokens you can safely store the following to ensure the data can't be compromised.
假设您使用用户名和密码作为身份验证标记,您可以安全地存储以下内容,以确保数据不会被破坏。
- Username (in plaintext)
- 用户名(明文)
- Salt (random string)
- 盐(随机字符串)
- Salted Hash (sha1(username + salt + password))
- 盐散列(sha1(用户名+盐+密码))
Using the scheme, an attacker cannot use rainbow tables against you and the passwords are not recoverable by any (reasonable) means. (That is, as long as your attacker isn't the government)
使用此方案,攻击者不能对您使用彩虹表,而且任何(合理的)方法都无法恢复密码。(也就是说,只要攻击你的人不是*)
Even though the attacker has the salt and hash pairs it's not possible to use rainbow tables because all the possible hashes will need to be computed anyway, using the salt that they've been given, so it's a brand new brute force attack for each user.
即使攻击者有盐和散列对,也不可能使用彩虹表,因为所有可能的哈希都需要计算,使用他们已经给出的盐,所以这是针对每个用户的全新的蛮力攻击。
Even with the source code and attacker won't be able to get hold of the passwords because the strength/security is in the hashing algorithm, not your code.
即使有了源代码,攻击者也无法获得密码,因为强度/安全性在散列算法中,而不是您的代码中。
Combine this with using bcrypt as per Donut's answer and you're really quite safe. That is:
结合使用bcrypt根据甜甜圈的回答,你真的很安全。那就是:
- Username (in plaintext)
- 用户名(明文)
- Salt (random string)
- 盐(随机字符串)
- Salted Hash (bcrypt(username + salt + password))
- 盐渍哈希(bcrypt(用户名+盐+密码))
#3
3
Taking advice from here, for added fun you can dynamically change your salt as well. For example, use different salts for usernames of different length, use the user's registration date as the salt. This makes it that even if someone DOES get to your database, they can't just re-generate the hash, they have to calculate a hash table for each salt that you used.
从这里接受建议,为了增加乐趣,你也可以动态地改变你的盐。例如,对不同长度的用户名使用不同的盐,使用用户的注册日期作为盐。这使得即使有人访问了您的数据库,他们也不能仅仅重新生成哈希,他们必须为您使用的每个盐计算一个哈希表。
#4
1
If your users are over the internet, OpenId would be one of your best options. http://openid.net/
如果你的用户在互联网上,OpenId将是你最好的选择之一。http://openid.net/
If your users are on your network, can you do Integrated Security?
如果你的用户在你的网络上,你能做集成安全吗?
In other words.. do not store their passwords.
换句话说. .不要储存他们的密码。
#5
1
Usually "salted" passwords (like with bcrypt) mean that not the password itself is stored, but only something like
通常,“咸”密码(如bcrypt)意味着不会存储密码本身,而是存储类似的东西
salt
hash(salt with password appended)
Now if the kiddie has your database (and of course, the code - there is no point in keeping the code secret), he/she can only guess passwords, calculate the salted hash, and compare. If the hash function is expensive (like bcrypt is), than guessing is expensive too.
现在,如果kiddie拥有您的数据库(当然,还有代码——没有必要将代码保密),那么他/她只能猜测密码、计算盐散列并进行比较。如果哈希函数很昂贵(比如bcrypt),那么猜测也很昂贵。
#6
1
It's simple
它很简单
store(sha256("somesalt" + password));
And nobody will be able to reverse it :)
没有人能逆转它:
See also: https://*.com/questions/3897434/password-security-sha1-sha256-or-sha512
参见:https://*.com/questions/3897434/password-security-sha1-sha256-or-sha512
#1
17
Use bcrypt. If someone has the user table of your database, then they can use brute force/rainbow tables/etc to their heart's content. Even with salt, if you're using MD5 or some other fast-hashing algorithm (which aren't designed to solve this problem, by the way); it's just a matter of time before it can be cracked.
使用bcrypt。如果某人有您的数据库的用户表,那么他们可以使用蛮力/彩虹表等来满足自己的需求。即使是使用salt,如果您使用MD5或其他快速哈希算法(顺便说一下,这不是为解决这个问题而设计的);它要被破解只是时间问题。
Any well-known and widely-supported hashing algorithm is going to have this same basic "flaw" (if you can call it that; it's really by definition). The difference is that bcrypt is slow as molasses when performing the hashing operation, rendering a brute force attack much less effective.
任何知名的、广泛支持的散列算法都会有同样的基本“缺陷”(如果你可以这样称呼它的话;它的真正定义)。不同的是,在执行散列操作时,bcrypt是慢的,这使得蛮力攻击的效果大大降低。
For an absolutely great discussion on the merits of bcrypt, the dangers of other approaches, and the difficulty of password security in general, read this thread. It has lots of comments by many people that are much more knowledgeable about this sort of thing than I am, and it should hopefully help you understand more of the issues at stake.
要对bcrypt的优点、其他方法的危险以及密码安全性的一般困难进行绝对深入的讨论,请阅读本文。它有许多人的评论,他们比我更了解这类事情,希望它能帮助你理解更多的问题。
#2
8
Assuming you're using username and password as authentication tokens you can safely store the following to ensure the data can't be compromised.
假设您使用用户名和密码作为身份验证标记,您可以安全地存储以下内容,以确保数据不会被破坏。
- Username (in plaintext)
- 用户名(明文)
- Salt (random string)
- 盐(随机字符串)
- Salted Hash (sha1(username + salt + password))
- 盐散列(sha1(用户名+盐+密码))
Using the scheme, an attacker cannot use rainbow tables against you and the passwords are not recoverable by any (reasonable) means. (That is, as long as your attacker isn't the government)
使用此方案,攻击者不能对您使用彩虹表,而且任何(合理的)方法都无法恢复密码。(也就是说,只要攻击你的人不是*)
Even though the attacker has the salt and hash pairs it's not possible to use rainbow tables because all the possible hashes will need to be computed anyway, using the salt that they've been given, so it's a brand new brute force attack for each user.
即使攻击者有盐和散列对,也不可能使用彩虹表,因为所有可能的哈希都需要计算,使用他们已经给出的盐,所以这是针对每个用户的全新的蛮力攻击。
Even with the source code and attacker won't be able to get hold of the passwords because the strength/security is in the hashing algorithm, not your code.
即使有了源代码,攻击者也无法获得密码,因为强度/安全性在散列算法中,而不是您的代码中。
Combine this with using bcrypt as per Donut's answer and you're really quite safe. That is:
结合使用bcrypt根据甜甜圈的回答,你真的很安全。那就是:
- Username (in plaintext)
- 用户名(明文)
- Salt (random string)
- 盐(随机字符串)
- Salted Hash (bcrypt(username + salt + password))
- 盐渍哈希(bcrypt(用户名+盐+密码))
#3
3
Taking advice from here, for added fun you can dynamically change your salt as well. For example, use different salts for usernames of different length, use the user's registration date as the salt. This makes it that even if someone DOES get to your database, they can't just re-generate the hash, they have to calculate a hash table for each salt that you used.
从这里接受建议,为了增加乐趣,你也可以动态地改变你的盐。例如,对不同长度的用户名使用不同的盐,使用用户的注册日期作为盐。这使得即使有人访问了您的数据库,他们也不能仅仅重新生成哈希,他们必须为您使用的每个盐计算一个哈希表。
#4
1
If your users are over the internet, OpenId would be one of your best options. http://openid.net/
如果你的用户在互联网上,OpenId将是你最好的选择之一。http://openid.net/
If your users are on your network, can you do Integrated Security?
如果你的用户在你的网络上,你能做集成安全吗?
In other words.. do not store their passwords.
换句话说. .不要储存他们的密码。
#5
1
Usually "salted" passwords (like with bcrypt) mean that not the password itself is stored, but only something like
通常,“咸”密码(如bcrypt)意味着不会存储密码本身,而是存储类似的东西
salt
hash(salt with password appended)
Now if the kiddie has your database (and of course, the code - there is no point in keeping the code secret), he/she can only guess passwords, calculate the salted hash, and compare. If the hash function is expensive (like bcrypt is), than guessing is expensive too.
现在,如果kiddie拥有您的数据库(当然,还有代码——没有必要将代码保密),那么他/她只能猜测密码、计算盐散列并进行比较。如果哈希函数很昂贵(比如bcrypt),那么猜测也很昂贵。
#6
1
It's simple
它很简单
store(sha256("somesalt" + password));
And nobody will be able to reverse it :)
没有人能逆转它:
See also: https://*.com/questions/3897434/password-security-sha1-sha256-or-sha512
参见:https://*.com/questions/3897434/password-security-sha1-sha256-or-sha512